Applying Rate Limiting Policy and Spike Control Policy in API

This article describes applying and testing Rate Limiting Policy and Spike Control Policy in Mule 4 and driving a comparison between the two.

What Is Rate Limiting Policy?

In Rate Limiting Policy, one is allowed to send only a certain number of requests in a given time interval.

When a request is sent and the rate limit is not reached, the request is processed further. But if the rate limit has been reached, the request is not processed and is terminated.e

What Is Spike Control Policy?

The Spike Control Policy is provided for smoothing API traffic. The policy ensures that within any given period of time, no more than the maximum configured requests are processed.

If there is no request quota in the current window, the policy allows requests to be queued for later reprocessing without closing the connection to the client.

Here, I am applying these policies in my previous article.

Setting up Rate Limiting Policy

In API Manager, Click on the newly created API and click on policies on the left panel.

Click on Apply New Policy and select Rate Limiting policy from the Select Policy Tab.

The configuration for the Rate Limiting Policy:

Once you click apply on the configuration tab, the policy will be displayed in the API Manager.

Testing the Rate Limiting Policy

Look at the configuration above.

Only three calls to the API in 1 minute i.e. the API will be requested successfully only 3 times in 1 minute and no more than that.

Any request to the API above 3 requests will fail it, displaying the message: "error": "Quota has been exceeded"

The API does not wait for the time to complete to process the request. It will only process the request once the 1 minute time is over (and that only 3 requests).

NO QUEUING OF THE REQUEST  FOR LATER PROCESSING

Setting up Spike Control Policy

Delete the existing Rate Limiting policy and replace it with Spike Control Policy.

The Configuration of the Spike Control Policy:

Three requests to the API in 5 seconds and any request exceeding three will wait for 10 seconds to be processed again without losing the connection with the client.

Therefore, Spike Control provides the smoothing of the traffic by restricting the calls to the API for a certain amount of time and lining the request in the queue.

For three request in 5 sec:

For request exceeding 3, in 5 seconds:

The page is reloading and will display the result after 10 seconds delay time, therefore restricting the traffic to the API for smooth functioning.

For requests exceeding the time Quota:

This situation occurs when there are many requests waiting in the queue to be processed after the time delay.

Try changing the configuration values and then see the results.

Conclusion

Rate limiting excluded all the requests if the quota is exceeded, but in the case of Spike Control, the delay time is set, which reduces the number of failing requests even after the quota is exceeded. Hence the smooth flow of traffic.